chevron-down Created with Sketch Beta.

Federal Action against EHR Vendors Continues

By John Jay Kenagy, Ph.D., J.D., Senior Vice President / Chief Information and Administrative Officer, Legacy Health, Portland, OR

The U.S. Department of Justice (DOJ) continues to use all of its legal tools to address fraud in the electronic health record (EHR) industry.  In the February 2021 edition of The Health Lawyer,1 this author described concerted efforts over the past five years by the DOJ and the Office of the Inspector General (OIG) of the Department of Health and Human Services (HHS) to uncover and address unlawful and fraudulent activities by four major players2 in the industry.  As of January 28, 2021, the number is now five.

Athenahealth, Inc., a privately held corporation based in Watertown, Massachusetts, agreed to pay $18.25 million to settle a complaint-in-intervention filed by the DOJ for violations of the False Claims Act and Anti-Kickback Statute by paying unlawful kickbacks to generate sales of athenaClinicals, its EHR product.3  The complaint filed in the District of Massachusetts4 described three illegal programs: (1) a “Concierge Event” program that provided current and potential clients’ executives, physicians, and decision-makers with all-expense-paid trips to events such as the Kentucky Derby, Masters Golf Tournament, Indy 500, New York Fashion Week, and other football, basketball, and baseball games to induce the purchase of Athena’s clinical software;5 (2) a “Client Lead Generation” program which paid existing clients up to $3,000 per physician for referrals of potential clients; and (3) a “Conversion Deal” program with competing EHR vendors who were discontinuing their products for recommendations to Athena’s EHR platform.  The settlement resolves two separate qui tam lawsuits in which the government intervened; two of the original three plaintiffs were chief executive officers of two Arizona-based home health agencies.  The Settlement Agreement covers the terms of the payment but does not require further obligations of the software vendor.6

In another EHR fraud case, former Practice Fusion sales executive Steven Mack pled guilty on March 8, 2021 of attempting to obstruct the federal investigation of the relationship between the software company and Purdue Pharma LLP, the seller of OxyContin.7  Practice Fusion sought and Purdue Pharma paid nearly $1 million to implement a clinical decision support alert in Practice Fusion’s EHR software to prompt physicians to prescribe more extended-release opioids.  Mack, who was the former director of National Accounts, admitted deleting hundreds of computer files relevant to the investigation.  He became the fourth individual to be held personally accountable in federal EHR fraud investigations, joining three eClinicalWorks executives8 in 2017 in the first and largest of these government actions.

These ongoing developments suggest that federal government law enforcement sees fraud and abuse in the lightly regulated EHR industry as a potential threat to federal healthcare financing programs and ultimately a potential risk to patients and the public.  The EHR fraud cases also demonstrate the use of whistleblowers whose inside knowledge can raise flags on potential illegal activity and bring on the weight of the government’s investigatory and settlement powers to seek changes in the industry.

  1. Kenagy, J.J., Regulating Electronic Health Records Through the “Nuclear” Threat and Other Enforcement Options: Federal Government Actions to Compel EHR Industry Changes, The Health Lawyer, Vol. 33 No. 3 (February 2021).
  2. eClinicalWorks, Greenway Health, Practice Fusion, and Viztek have each agreed to settlement agreements with the DOJ to resolve false claims and other alleged violations of federal law between 2017 and 2020.
  3. Press Release: Electronic Health Records Technology Vendor to Pay $18.25 Million to Resolve Kickback Allegations, U.S. Dep’t of Justice (Jan. 28, 2021),
  4. United States’ Complaint in Intervention, U.S. ex rel. Sanborn v. Athenahealth, Inc., (D. Mass. Jan. 25, 2021),
  5. Internal documents obtained by the DOJ documented issues in recruiting guests because the lack of business justification presented “compliance issues that prevented them from accepting” invitations.
  6. U.S. Dep’t of Justice, Settlement Agreement (Jan. 27, 2021),
  7. Press Release: Former Practice Fusion Sales Executive Pleads Guilty to Obstructing Government Investigations Into Purdue Pharma and Practice Fusion, U.S. Dep’t of Justice, D. Vt. (Mar. 8, 2021),
  8. eClinicalWorks’ chief executive officer, chief medical officer, and chief operating officer were each held jointly and severally liable for payment of nearly $155 million.

About the Author

John Kenagy, Ph.D., J.D. serves as senior vice president and chief information and administrative officer at Legacy Health.  He has responsibility over information services, informatics, facilities operations, clinical engineering, safety and security, and corporate compliance for the largest nonprofit, community-owned health system in the Portland, Vancouver, and North Willamette Valley region.  Dr. Kenagy has served as a healthcare chief information officer for over 20 years, working in a variety of health systems including federal government, academic, and faith-based organizations.

Dr. Kenagy completed his Juris Doctor degree from Lewis & Clark Northwestern Law School in January 2021.  During his part-time studies, he was a member and article editor of the high-ranking Lewis & Clark Law Review.  He was inducted into the international legal honors society of Phi Delta Phi and received a Certificate in Business Law upon graduation.  In 2007, he was awarded the Doctor of Philosophy degree from Capella University’s School of Business and Technology. His doctoral research focused on healthcare information technology implementation success.  He earned his Bachelor of Science degree in electrical engineering at Stanford University and a Master’s degree in Healthcare Administration at the University of Southern California.  He may be reached at [email protected]